Tonight I had a bit of a scare thanks to jumping to conclusions from the first Google result. I thought it might be a good idea to drop a reminder here to take a step back and remember that .bash_history is a thing.
While I was inspecting /etc/passwd on a new Ubuntu server to confirm a home directory, I noticed a new line at the bottom I had never seen.
What the heck is that? Searching Google brought me to this:
https://askubuntu.com/questions/896040/why-do-syslog-and-uml-net-have-home-in-etc-passwd/896049 specifically https://askubuntu.com/a/1151118
Crap. This was a relatively new install, did it already get owned? I didn’t see any suspicious processes running or notice any slowdowns. Do I need to re-image this machine? How did it happen? WHAT happened?
Running apt search uml confirmed it was actually installed.
Wait, did I install it myself?
A search in .bash_history revealed that yes, I installed it as a prerequisite while following the guide at https://github.com/kholia/OSX-KVM a few nights back. False alarm.